application query by tdi filter?

Home Forums Discussions General Discussion application query by tdi filter?

This topic contains 2 replies, has 2 voices, and was last updated by  lxy510 13 years, 2 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #4859

    lxy510
    Participant

    I want to filter application’network activity, when it occurs,always make a query to my application.The question is,How to hold a connect (or accept or receive )in tdi filter driver until a answer is received? If I use a NotifyEvent ,where should I place keWaitfor…() with regarding to IRQL level?
    thanks.
    (English pls)

    #5587

    Taras
    Participant

    You must not use KeWaitFor… at IRQL >= DISPATH_LEVEL if timeout is not equal zero. The problem is sometime NotifyEvent occures at DISPATCH_LEVEL and you should handle it immidiatly. So the one way is to copy net packe, hold them and return from NotifyEvent. On PASSIVE_LEVEL you can wait your application and then renew packet.

    #5588

    lxy510
    Participant

    thank you very much.
    I am a new in tdi-filter,do you mean that I should copy the packet(say it,in tdi_event_connect_handler,must return status_pending?) to somewhere the irql==passive_level,then wait for my application’s response,but how to renew the connection to required status?I mean,if deny,then refuse;if allow,re-connect.
    thank you in advance.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.